Last updated: July 2026
In short: BIMI shows your brand logo next to your emails in the inbox. After this guide you publish the
default._bimiTXT record in the CCP — and know the real prerequisites: DMARC, SVG logo, certificate.
Prerequisites
- A domain at Netcup with access to the Customer Control Panel (CCP)
- DMARC at enforcement (
p=quarantineorp=reject) - Logo as SVG Tiny PS and (for Gmail & co.) a VMC
What is BIMI?
BIMI (Brand Indicators for Message Identification) is a TXT record that points to your brand logo. Gmail, Apple Mail, and Yahoo then show it next to your authenticated emails. BIMI is not a security method of its own, but the visible reward for clean SPF, DKIM, and DMARC — and thus the last step.
The real work isn’t in the record
The TXT record is the same everywhere. The effort is the prerequisites, which the BIMI Group names clearly:
- DMARC at enforcement. Your policy must “be at enforcement on the organizational domain and subdomains” — a
p=noneor apctunder 100 “policies or ‘pct’ less than 100 percent are not accepted”. If your DMARC is still onnone, first work through the DMARC guide for Netcup. - SVG logo. “Produce an SVG Tiny PS version of your official logo” — square, over HTTPS.
- VMC or CMC. Per the BIMI Group “highly recommended, but Optional”; in practice needed for display at Gmail & co. Self-asserted BIMI “records have limited support across the various Mailbox Providers”.
Step-by-step guide
1. Check the prerequisites
With the free MXAudit scanner you check SPF, DKIM, and DMARC — DMARC must be at quarantine/reject.
2. Provide the logo and (optionally) certificate
Place the logo as SVG Tiny PS over HTTPS, obtain a VMC/CMC from a Mark Verifying Authority, and also serve the .pem file over HTTPS.
3. Create the BIMI TXT record in the CCP
As with the DKIM entry: CCP → Domains → magnifying glass icon → DNS tab:
- Host:
default._bimi - Type:
TXT - Destination:
v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem
Basic scheme per the BIMI Group: default._bimi.[domain] IN TXT "v=BIMI1; l=[SVG URL]; a=[PEM URL]". Without a certificate you leave out a= — it’s “currently optional”. A real record (ebay.com):
v=BIMI1;l=https://vmc.digicert.com/….svg;a=https://vmc.digicert.com/….pem
4. Wait and check
After DNS propagation, check the record with the MXAudit scanner or the BIMI Inspector of the BIMI Group.
Common mistakes
BIMI without DMARC enforcement. Record set, but DMARC on p=none — no logo. quarantine/reject is mandatory.
Wrong SVG format. Only SVG Tiny PS, square.
No VMC, expecting Gmail display. Without a certificate the logo usually stays invisible at the large providers.
Logo not over HTTPS. l= and a= must point to files publicly reachable over HTTPS.
Further reading
- BIMI Group: Implementation Guide (retrieved: July 10, 2026)
- BIMI Group: Creating an SVG logo (retrieved: July 10, 2026)
- Google Workspace Help: BIMI (retrieved: July 10, 2026)
